The first step: Environment
1. Operating System Version: Fedora 14
2. Eclipse Version: J2EE edition 3.5
3. JDK Version: jdk1.6
4. Maven local repository: /var/javaproject/repo
5. Tomcat Version: 1.6
6. Tomcat Port: 9080
7. The Web service server and client already work with CXF; refer to "CXF User Authentication" (CXF用户认证).
The second step: Create the X509 certificate stores
Windows batch script files
Create a DOS batch file named generateKeyPair.bat with the following content:
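rem ************** generateKeyPair.bat ********** start
rem @echo off
rem Arguments: %1 alias, %2 key password, %3 keystore file, %4 keystore password, %5 exported certificate file
echo alias %1
echo keypass %2
echo keystoreName %3
echo KeyStorePass %4
echo keyName %5
rem Generate an RSA key pair under the alias
keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA
rem Self-sign the certificate for the alias
keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2
rem Export the public certificate so that the peer can import it
keytool -export -alias %1 -file %5 -keystore %3 -storepass %4
rem ************** generateKeyPair.bat ********** end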
Create a DOS batch file named generateServerKey.bat with the following content:
rem ************** generateServerKey.bat ********** start
rem Create one keystore per side, each with its own key pair
call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
rem Cross-import the public certificates so that each side trusts the other
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
rem ************** generateServerKey.bat ********** end
Linux shell scripts:
Create a Linux shell script file named generateKeyPair.sh with the following content:
#!/bin/bash
# ******************* generateKeyPair.sh start ***********
# Arguments: $1 alias, $2 key password, $3 keystore file, $4 keystore password, $5 exported certificate file
echo "alias $1"
echo "keypass $2"
echo "keystoreName $3"
echo "KeyStorePass $4"
echo "keyName $5"
# Generate an RSA key pair under the alias
keytool -genkey -alias "$1" -keypass "$2" -keystore "$3" -storepass "$4" -dname "cn=$1" -keyalg RSA
# Self-sign the certificate for the alias
keytool -selfcert -alias "$1" -keystore "$3" -storepass "$4" -keypass "$2"
# Export the public certificate so that the peer can import it
keytool -export -alias "$1" -file "$5" -keystore "$3" -storepass "$4"
# ******************* generateKeyPair.sh end ***********
Create a Linux shell script file named generateServerKey.sh with the following content:
#!/bin/bash
# ******************* generateServerKey.sh start ***********
# Create one keystore per side, each with its own key pair
./generateKeyPair.sh apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
./generateKeyPair.sh apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
# Cross-import the public certificates so that each side trusts the other
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
# ******************* generateServerKey.sh end ***********
3. Run generateServerKey.sh on Linux (generateServerKey.bat on Windows). This produces two keystore files, clientStore.jks and serverStore.jks. As shown in the script, the user names and passwords are:
Server:apmserver / apmserverpass
Client:apmclient / apmclientpass
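A check for the trust layout that generateServerKey builds, as an added example that is not part of the original post: each store should hold exactly one private key (its own alias) and the peer's certificate as a trusted entry only. The function names and the sample `keytool -list` listings are constructed for illustration; the aliases and passwords are the ones used above.

```shell
#!/bin/sh
# Added example: verify the entry layout of a keystore from `keytool -list` output.

# entry_type ALIAS < listing
# keytool prints one line per entry: "<alias>, <date>, <entry type>,".
# The date may itself contain a comma, so the alias is the text before the
# first comma and the entry type is the last field before the trailing comma.
entry_type() {
    while IFS= read -r line; do
        case $line in
            *Entry,*) ;;
            *) continue ;;
        esac
        name=${line%%,*}
        [ "$name" = "$1" ] || continue
        rest=${line%,*}
        printf '%s\n' "${rest##*, }"
        return 0
    done
    return 1
}

# count_private_keys < listing : number of PrivateKeyEntry lines
count_private_keys() {
    n=0
    while IFS= read -r line; do
        case $line in
            *PrivateKeyEntry,*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# check_store_layout OWN_ALIAS PEER_ALIAS LISTING
# Returns 0 only if OWN_ALIAS is the single private key in the store and
# PEER_ALIAS is present as a trusted certificate (public half only).
check_store_layout() {
    own=$1; peer=$2; listing=$3; rc=0
    own_type=$(printf '%s\n' "$listing" | entry_type "$own") || own_type=missing
    peer_type=$(printf '%s\n' "$listing" | entry_type "$peer") || peer_type=missing
    keys=$(printf '%s\n' "$listing" | count_private_keys)
    if [ "$own_type" != PrivateKeyEntry ]; then
        echo "FAIL: $own is $own_type, expected PrivateKeyEntry" >&2; rc=1
    fi
    if [ "$peer_type" != trustedCertEntry ]; then
        echo "FAIL: $peer is $peer_type, expected trustedCertEntry" >&2; rc=1
    fi
    if [ "$keys" -ne 1 ]; then
        echo "FAIL: $keys private keys in store, expected 1" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample: what serverStore.jks should look like after step two.
sample_server_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

apmclient, Mar 1, 2011, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)
apmserver, Mar 1, 2011, PrivateKeyEntry, 
Certificate fingerprint (MD5): (constructed placeholder)
EOF
}

# Constructed sample: one store holding both private keys, as happens when a
# single .jks is shared by both sides instead of exchanging certificates.
sample_shared_listing() {
cat <<'EOF'
Your keystore contains 2 entries

apmclient, Mar 1, 2011, PrivateKeyEntry, 
Certificate fingerprint (MD5): (constructed placeholder)
apmserver, Mar 1, 2011, PrivateKeyEntry, 
Certificate fingerprint (MD5): (constructed placeholder)
EOF
}

# Against the real stores produced by generateServerKey:
#   check_store_layout apmserver apmclient "$(keytool -list -keystore serverStore.jks -storepass keystorePass)"
#   check_store_layout apmclient apmserver "$(keytool -list -keystore clientStore.jks -storepass keystorePass)"
check_store_layout apmserver apmclient "$(sample_server_listing)" && echo "server store layout OK"
```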
The third step: Configure the server
Copy serverStore.jks to the root of the web project's resource folder, that is, the same folder as the file applicationContext-server.xml.
Create a properties file named server_insecurity_enc.properties in the same folder, used by the server to decrypt incoming messages, with the following content:
#-- server_insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_enc.properties end
Create a properties file named server_insecurity_sign.properties in the same folder, used for the server's signatures, with the following content:
#-- server_insecurity_sign.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_sign.properties end
Create a properties file named server_outsecurity_enc.properties in the same folder, used by the server to encrypt outgoing messages, with the following content:
#-- server_outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_outsecurity_enc.properties end
Alter the service definition file applicationContext-server.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- applicationContext-server.xml start -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
    <bean id="addressBookServiceImpl" class="com.bruce.cxftest.service.AddressBookServiceImpl" />
    <bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
    <bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
    <bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
    <bean id="logInInterceptor" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
    <bean id="logOutInterceptor" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
    <!-- Inbound: check the UsernameToken and Timestamp, decrypt, verify the signature -->
    <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
                <entry key="decryptionPropFile" value="server_insecurity_enc.properties" />
                <entry key="signaturePropFile" value="server_insecurity_sign.properties" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <!-- Outbound: add a Timestamp, encrypt for apmclient, sign as apmserver -->
    <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="Timestamp Encrypt Signature" />
                <entry key="user" value="apmserver" />
                <entry key="encryptionUser" value="apmclient" />
                <entry key="encryptionPropFile" value="server_outsecurity_enc.properties" />
                <entry key="signaturePropFile" value="server_insecurity_sign.properties" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <jaxws:endpoint id="addressBookService" implementor="#addressBookServiceImpl"
                    address="/AddressBookService">
        <jaxws:inInterceptors>
            <ref bean="logInInterceptor" />
            <ref bean="saajInInterceptor" />
            <ref bean="wss4jInConfiguration" />
        </jaxws:inInterceptors>
        <jaxws:outInterceptors>
            <ref bean="logOutInterceptor" />
            <ref bean="saajOutInterceptor" />
            <ref bean="wss4jOutConfiguration" />
        </jaxws:outInterceptors>
    </jaxws:endpoint>
</beans>
<!-- applicationContext-server.xml end -->
6. Alter the user name and password callback class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {
    // Demo credentials: identifier (user name / key alias) -> password,
    // matching the key passwords passed to generateKeyPair.
    Map<String, String> userMap = new HashMap<String, String>();

    public ServerPasswordCallback() {
        userMap.put("apmserver", "apmserverpass");
        userMap.put("apmclient", "apmclientpass");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        // Supply the password for a known identifier; unknown identifiers get none.
        if (userMap.containsKey(pc.getIdentifier())) {
            pc.setPassword(userMap.get(pc.getIdentifier()));
        }
    }
}
//---- ServerPasswordCallback.java end
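The interceptors find each `*PropFile` value, and each properties file finds its keystore, purely by file name, so a file saved under a different name than the one referenced only fails at runtime. An added example (not part of the original post) that checks these references before deployment; the function names and the temporary sample folder are constructed, and the keystore in it is an empty stand-in.

```shell
#!/bin/sh
# Added example: lint the file references between the Spring context, the
# Merlin properties files and the keystore in one resource folder.

# list_prop_files CONTEXT_XML : print every file named by a *PropFile entry
list_prop_files() {
    sed -n 's/.*key="[A-Za-z]*PropFile"[^>]*value="\([^"]*\)".*/\1/p' "$1" | sort -u
}

# keystore_of PROPS_FILE : print the keystore named by the Merlin "file" property
keystore_of() {
    sed -n 's/^org\.apache\.ws\.security\.crypto\.merlin\.file=//p' "$1"
}

# check_wss4j_resources DIR CONTEXT_XML
# Returns 1 if a referenced properties file, or the keystore it names,
# is missing from DIR.
check_wss4j_resources() {
    dir=$1; rc=0
    for props in $(list_prop_files "$dir/$2"); do
        if [ ! -f "$dir/$props" ]; then
            echo "MISSING properties file: $props" >&2
            rc=1
            continue
        fi
        store=$(keystore_of "$dir/$props")
        if [ -z "$store" ] || [ ! -f "$dir/$store" ]; then
            echo "MISSING keystore for $props: ${store:-no merlin.file property}" >&2
            rc=1
        fi
    done
    return "$rc"
}

# make_sample_dir OUT_ENC_FILE_NAME
# Builds a constructed resource folder with the three server entries from
# applicationContext-server.xml; the outbound encryption properties file is
# saved under the name given, so a wrong name can be simulated.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/applicationContext-server.xml" <<'EOF'
<entry key="decryptionPropFile" value="server_insecurity_enc.properties" />
<entry key="signaturePropFile" value="server_insecurity_sign.properties" />
<entry key="encryptionPropFile" value="server_outsecurity_enc.properties" />
EOF
    for f in server_insecurity_enc.properties server_insecurity_sign.properties "$1"; do
        echo "org.apache.ws.security.crypto.merlin.file=serverStore.jks" > "$d/$f"
    done
    : > "$d/serverStore.jks"    # empty stand-in; only its existence is checked
    echo "$d"
}

# Demo: the outbound file saved under a misspelled (constructed) name.
demo=$(make_sample_dir sserver_outsecurity_enc.properties)
check_wss4j_resources "$demo" applicationContext-server.xml \
    || echo "reference check failed: fix the file name before deploying"
rm -rf "$demo"
```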
The fourth step: Configure the client
Copy clientStore.jks to the root of the client project's resource folder, that is, the same folder as the file applicationContext-client.xml.
Create a properties file named insecurity_enc.properties in the same folder, used by the client to decrypt incoming messages, with the following content:
#-- insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- insecurity_enc.properties end
Create a properties file named outsecurity_enc.properties in the same folder, used by the client to encrypt outgoing messages, with the following content:
#-- outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_enc.properties end
Create a properties file named outsecurity_sign.properties in the same folder, used for the client's signatures, with the following content:
#-- outsecurity_sign.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_sign.properties end
Alter the client definition file applicationContext-client.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- applicationContext-client.xml start -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd">
    <bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
    <bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
    <bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
    <!-- Outbound: add a UsernameToken and Timestamp, encrypt for apmserver, sign as apmclient -->
    <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
                <entry key="user" value="apmclient" />
                <entry key="encryptionUser" value="apmserver" />
                <entry key="signaturePropFile" value="outsecurity_sign.properties" />
                <entry key="signatureKeyIdentifier" value="IssuerSerial" />
                <entry key="encryptionPropFile" value="outsecurity_enc.properties" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <!-- Inbound: check the Timestamp, decrypt, verify the server's signature -->
    <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="Timestamp Encrypt Signature" />
                <entry key="user" value="apmclient" />
                <entry key="decryptionPropFile" value="insecurity_enc.properties" />
                <entry key="enableSignatureConfirmation" value="true" />
                <entry key="signaturePropFile" value="outsecurity_sign.properties" />
                <entry key="signatureKeyIdentifier" value="IssuerSerial" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <jaxws:client id="addressBookClient"
                  serviceClass="com.bruce.cxftest.service.AddressBookService"
                  address="http://127.0.0.1:9080/cxftest/service/AddressBookService">
        <jaxws:outInterceptors>
            <ref bean="saajOutInterceptor" />
            <ref bean="wss4jOutConfiguration" />
        </jaxws:outInterceptors>
        <jaxws:inInterceptors>
            <ref bean="saajInInterceptor" />
            <ref bean="wss4jInConfiguration" />
        </jaxws:inInterceptors>
    </jaxws:client>
</beans>
<!-- applicationContext-client.xml end -->
6. Alter the user name and password callback class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {
    // Demo credentials: identifier (user name / key alias) -> password,
    // matching the key passwords passed to generateKeyPair.
    Map<String, String> userMap = new HashMap<String, String>();

    public ServerPasswordCallback() {
        userMap.put("apmserver", "apmserverpass");
        userMap.put("apmclient", "apmclientpass");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        // Supply the password for a known identifier; unknown identifiers get none.
        if (userMap.containsKey(pc.getIdentifier())) {
            pc.setPassword(userMap.get(pc.getIdentifier()));
        }
    }
}
//---- ServerPasswordCallback.java end
7. Create a client class that does not use Spring:
//--- CxfWsTestClient.java start
package com.bruce.cxftest.client;

import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.namespace.QName;

import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.bruce.cxftest.dto.Phone;
import com.bruce.cxftest.security.ServerPasswordCallback;
import com.bruce.cxftest.service.AddressBookService;
import com.bruce.cxftest.service.AddressBookService_Service;

public class CxfWsTestClient {
    public static void main(String[] args) {
        try {
            URL wsdlAdd = new URL("http://127.0.0.1:9080/cxftest/service/AddressBookService?wsdl");
            QName SERVICE = new QName("http://www.bruce.com/cxftest/service", "AddressBookService");
            AddressBookService_Service gs = new AddressBookService_Service(wsdlAdd, SERVICE);
            AddressBookService greeter = gs.getAddressBookService();
            org.apache.cxf.endpoint.Client client = ClientProxy.getClient(greeter);
            org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

            // Inbound: same settings as wss4jInConfiguration in applicationContext-client.xml
            SAAJInInterceptor saajInInterceptor = new SAAJInInterceptor();
            cxfEndpoint.getInInterceptors().add(saajInInterceptor);
            Map<String, Object> inProps = new HashMap<String, Object>();
            inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                    + " " + WSHandlerConstants.ENCRYPT
                    + " " + WSHandlerConstants.SIGNATURE);
            inProps.put(WSHandlerConstants.USER, "apmclient");
            inProps.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity_enc.properties");
            inProps.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
            inProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            inProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
            cxfEndpoint.getInInterceptors().add(wssIn);

            // Outbound: UsernameToken and Timestamp, encrypted for apmserver, signed as apmclient
            SAAJOutInterceptor saajOutInterceptor = new SAAJOutInterceptor();
            cxfEndpoint.getOutInterceptors().add(saajOutInterceptor);
            Map<String, Object> outProps = new HashMap<String, Object>();
            outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN
                    + " " + WSHandlerConstants.TIMESTAMP
                    + " " + WSHandlerConstants.ENCRYPT
                    + " " + WSHandlerConstants.SIGNATURE);
            outProps.put(WSHandlerConstants.USER, "apmclient");
            outProps.put(WSHandlerConstants.ENCRYPTION_USER, "apmserver");
            outProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            outProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            // insecurity_enc.properties has the same content as outsecurity_enc.properties above
            outProps.put(WSHandlerConstants.ENC_PROP_FILE, "insecurity_enc.properties");
            outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
            cxfEndpoint.getOutInterceptors().add(wssOut);

            // Call the secured service and print the result
            AddressBookService service = (AddressBookService) greeter;
            System.out.println("#############Client getPhone##############");
            Phone phone = service.getPhone("zph");
            System.out.println("AreaCode:" + phone.getAreaCode());
            System.out.println("Exchange:" + phone.getExchange());
            System.out.println("Number:" + phone.getNumber());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
//--- CxfWsTestClient.java end
The fifth step: Run and debug
1. Open a console, change directory to cxftest_build, and run the following Maven command:
$ mvn clean install
2. Deploy the war package to the cxftest subfolder of Tomcat's webapps folder.
3. Start Tomcat.
4. Start the class SpringUsersWsClient or CxfWsTestClient in the project cxftest_client and you will see the following output:
AreaCode:120
Exchange:10
Number:10
That means you have succeeded!
1.Operating System Version :Fedora14
2.Eclipse Version:J2ee版3.5
3.jdk Version:jdk1.6
4.maven local repository:/var/javaproject/repo
5.tomcat Version:1.6
6.tomcat Port:9080
7.The Web service server and client use CXF can work already. refer to CXF用户认证
The second step:Create X509 certificate store
Window batch scriptt file
create a dos batch execute file name generateKeyPair.bat and input the following content
rem ************** generateKeyPair.bat ********** start
rem @echo off
echo alias %1
echo keypass %2
echo keystoreName %3
echo KeyStorePass %4
echo keyName %5
echo keyName %5
keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA
keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2
keytool -export -alias %1 -file %5 -keystore %3 -storepass %4
rem ************** generateKeyPair.bat ********** end
create a dos batch execute file name generateServerKey.bat and input the following content:
rem ************** generateServerKey.bat ********** start
call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
rem ************** generateServerKey.bat ********** end
Linux shell scriptt :
create a Linux shell scriptt file name generateKeyPair.sh and input the following content:
# ******************* generateKeyPair.sh start ***********
#!/bin/bash
echo alias $1
echo keypass $2
echo keystoreName $3
echo KeyStorePass $4
echo keyName $5
echo keyName $5
keytool -genkey -alias $1 -keypass $2 -keystore $3 -storepass $4 -dname "cn=$1" -keyalg RSA
keytool -selfcert -alias $1 -keystore $3 -storepass $4 -keypass $2
keytool -export -alias $1 -file $5 -keystore $3 -storepass $4
# ******************* generateKeyPair.sh end ***********
create a Linux shell scriptt file name generateServerKey.sh then input the following content:
# ******************* generateServerKey.sh start ***********
#!/bin/bash
./generateKeyPair.sh apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
./generateKeyPair.sh apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
# ******************* generateServerKey.sh end ***********
3.execute the generateServerKey.sh on Linux(generateServerKey.bat on windows) then you will get two key store file clientStore.jks and serverStore.jks. As show on the shell scriptt the user name and password is:
Server:apmserver / apmserverpass
Client:apmclient / apmclientpass
The third step:Configure Server
Copy the serverStore.jks to the resource fold of the web project, The root fold of resource fold, That is the same fold as the file applicationContext-server.xml.
Create a properties file named server_insecurity_enc.properties in the same fold for server encryption then input the following content:
#-- server_insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_enc.properties end
Create a properties file named server_insecurity_sign.properties in the same fold for server signature then input the following content:
#-- server_insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_enc.properties end
Create a properties file named sserver_outsecurity_enc.properties in the same fold for server out encryption then input the following content:
#-- server_outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_outsecurity_enc.properties end
alter the service definition file applicationContext-server.xml.
<!-- applicationContext-server.xml start -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<bean id="addressBookServiceImpl" class="com.bruce.cxftest.service.AddressBookServiceImpl" />
<bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
<bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean id="logInInterceptor" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOutInterceptor" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
<entry key="decryptionPropFile" value="server_insecurity_enc.properties" />
<entry key="signaturePropFile" value="server_insecurity_sign.properties" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="Timestamp Encrypt Signature" />
<entry key="user" value="apmserver" />
<entry key="encryptionUser" value="apmclient" />
<entry key="encryptionPropFile" value="server_outsecurity_enc.properties" />
<entry key="signaturePropFile" value="server_insecurity_sign.properties" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<jaxws:endpoint id="addressBookService" implementor="#addressBookServiceImpl"
address="/AddressBookService" >
<jaxws:inInterceptors>
<ref bean="logInInterceptor" />
<ref bean="saajInInterceptor" />
<ref bean="wss4jInConfiguration" />
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<ref bean="logOutInterceptor" />
<ref bean="saajOutInterceptor" />
<ref bean="wss4jOutConfiguration" />
</jaxws:outInterceptors>
</jaxws:endpoint>
</beans>
<!-- applicationContext-server.xml end -->
6.alter the user name and password call back class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ServerPasswordCallback implements CallbackHandler {
Map<String,String> userMap = new HashMap<String,String>();
public ServerPasswordCallback(){
userMap.put("apmserver", "apmserverpass");
userMap.put("apmclient", "apmclientpass");
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if (userMap.containsKey(pc.getIdentifier())) {
pc.setPassword(userMap.get(pc.getIdentifier()));
}
}
}
//---- ServerPasswordCallback.java end
The fourth step :configure client
Copy the clientStore.jks to the resource fold of the client project, The root fold of resource fold, That is the same fole as the file applicationContext-client.xml.
Create a properties file named insecurity_enc.properties in the same fold for server encryption then input the following content:
#-- insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- insecurity_enc.properties end
Create a properties file named outsecurity_enc.properties in the same fold for server signature then input the following content:
#-- outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_enc.properties end
Create a properties file named outsecurity_sign.properties in the same fold for server out encryption then input the following content:
#-- outsecurity_sign.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_sign.properties end
alter the client definition file applicationContext-client.xml.
<!-- applicationContext-client.xml start -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
<bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
<entry key="user" value="apmclient" />
<entry key="encryptionUser" value="apmserver" />
<entry key="signaturePropFile" value="outsecurity_sign.properties" />
<entry key="signatureKeyIdentifier" value="IssuerSerial" />
<entry key="encryptionPropFile" value="outsecurity_enc.properties" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<map>
<entry key="action" value="Timestamp Encrypt Signature" />
<entry key="user" value="apmclient" />
<entry key="decryptionPropFile" value="insecurity_enc.properties" />
<entry key="enableSignatureConfirmation" value="true" />
<entry key="signaturePropFile" value="outsecurity_sign.properties" />
<entry key="signatureKeyIdentifier" value="IssuerSerial" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<jaxws:client id="addressBookClient"
serviceClass="com.bruce.cxftest.service.AddressBookService"
address="http://127.0.0.1:9080/cxftest/service/AddressBookService">
<jaxws:outInterceptors>
<ref bean="saajOutInterceptor" />
<ref bean="wss4jOutConfiguration" />
</jaxws:outInterceptors>
<jaxws:inInterceptors>
<ref bean="saajInInterceptor" />
<ref bean="wss4jInConfiguration" />
</jaxws:inInterceptors>
</jaxws:client>
</beans>
<!-- applicationContext-client.xml end -->
6.alter the user name and password call back class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {
    // Demo credentials, keyed by alias / user name. The values match the
    // -keypass arguments given to keytool when the key pairs were generated.
    Map<String,String> userMap = new HashMap<String,String>();

    public ServerPasswordCallback(){
        userMap.put("apmserver", "apmserverpass");
        userMap.put("apmclient", "apmclientpass");
    }

    // WSS4J calls this to obtain the password for the identifier it is
    // processing (UsernameToken user or keystore alias).
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        // Unknown identifiers get no password, so WSS4J rejects the request.
        if (userMap.containsKey(pc.getIdentifier())) {
            pc.setPassword(userMap.get(pc.getIdentifier()));
        }
    }
}
//---- ServerPasswordCallback.java end
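The handler above returns one password per name, so the private-key password of alias apmclient is also the UsernameToken password of user apmclient, and both sit in source code. The following is an added example, not part of the original tutorial: it uses WSPasswordCallback.getUsage() to keep the two kinds of secret apart and reads them from a file outside the war. The class name SplitPasswordCallback, the system property cxftest.secrets.file and the key./user. property prefixes are assumptions made for illustration.

```java
package com.bruce.cxftest.security;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
// Added example (hypothetical class, not part of the original tutorial).
public class SplitPasswordCallback implements CallbackHandler {
    // Hypothetical system property: path of a properties file kept outside the war.
    private static final String SECRETS_FILE = "cxftest.secrets.file";
    private Properties secrets;

    // Load the secrets file once, on first use.
    private synchronized Properties secrets() throws IOException {
        if (secrets == null) {
            String path = System.getProperty(SECRETS_FILE);
            if (path == null) throw new IOException(SECRETS_FILE + " is not set");
            Properties p = new Properties();
            InputStream in = new FileInputStream(path);
            try { p.load(in); } finally { in.close(); }
            secrets = p;
        }
        return secrets;
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(cb, "unexpected callback type");
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            String prefix;
            switch (pc.getUsage()) {
                case WSPasswordCallback.SIGNATURE:   // unlock the private key to sign
                case WSPasswordCallback.DECRYPT:     // unlock the private key to decrypt
                    prefix = "key.";
                    break;
                case WSPasswordCallback.USERNAME_TOKEN:
                    prefix = "user.";
                    break;
                default:                             // fail closed on anything else
                    throw new UnsupportedCallbackException(cb, "unsupported usage " + pc.getUsage());
            }
            String password = secrets().getProperty(prefix + pc.getIdentifier());
            if (password == null) throw new IOException("no secret for " + prefix + pc.getIdentifier());
            pc.setPassword(password);
        }
    }
}
```

The secrets file would hold entries such as key.apmclient (which must equal the -keypass given to keytool for that alias) and user.apmclient (the UsernameToken password the server expects), and should be readable only by the account that runs Tomcat or the client.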
7. Create a client class that does not use Spring:
//--- CxfWsTestClient.java start
package com.bruce.cxftest.client;

import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;
import com.bruce.cxftest.dto.Phone;
import com.bruce.cxftest.security.ServerPasswordCallback;
import com.bruce.cxftest.service.AddressBookService;
import com.bruce.cxftest.service.AddressBookService_Service;

public class CxfWsTestClient {
    public static void main(String[] args) {
        try {
            URL wsdlAdd = new URL("http://127.0.0.1:9080/cxftest/service/AddressBookService?wsdl");
            QName SERVICE = new QName("http://www.bruce.com/cxftest/service", "AddressBookService");
            AddressBookService_Service gs = new AddressBookService_Service(wsdlAdd,SERVICE);
            AddressBookService greeter = gs.getAddressBookService();
            org.apache.cxf.endpoint.Client client = ClientProxy.getClient(greeter);
            org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

            // Inbound (response): verify timestamp, decrypt, verify signature.
            SAAJInInterceptor saajInInterceptor = new SAAJInInterceptor();
            cxfEndpoint.getInInterceptors().add(saajInInterceptor);
            Map<String, Object> inProps = new HashMap<String, Object>();
            inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE);
            inProps.put(WSHandlerConstants.USER, "apmclient");
            inProps.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity_enc.properties");
            inProps.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
            inProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            inProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
            cxfEndpoint.getInInterceptors().add(wssIn);

            // Outbound (request): UsernameToken, timestamp, encryption with the
            // server's certificate, signature with the client's private key.
            SAAJOutInterceptor saajOutInterceptor = new SAAJOutInterceptor();
            cxfEndpoint.getOutInterceptors().add(saajOutInterceptor);
            Map<String, Object> outProps = new HashMap<String, Object>();
            outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN
                    + " " + WSHandlerConstants.TIMESTAMP
                    + " " + WSHandlerConstants.ENCRYPT
                    + " " + WSHandlerConstants.SIGNATURE);
            outProps.put(WSHandlerConstants.USER, "apmclient");
            outProps.put(WSHandlerConstants.ENCRYPTION_USER, "apmserver");
            outProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            outProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            // The Spring configuration above sets encryptionPropFile to
            // outsecurity_enc.properties; this client uses insecurity_enc.properties.
            outProps.put(WSHandlerConstants.ENC_PROP_FILE, "insecurity_enc.properties");
            outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
            cxfEndpoint.getOutInterceptors().add(wssOut);

            // Call the secured service.
            AddressBookService service =(AddressBookService) greeter;
            System.out.println("#############Client getPhone##############");
            Phone phone = service.getPhone("zph");
            System.out.println("AreaCode:" + phone.getAreaCode());
            System.out.println("Exchange:" + phone.getExchange());
            System.out.println("Number:" + phone.getNumber());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
//--- CxfWsTestClient.java end
The fifth step: Run and debug
1. Open a console, change directory to cxftest_build, and run the following maven command:
$mvn clean install
2. Deploy the war package to the cxftest subfolder of Tomcat's webapps folder.
3. Start Tomcat.
4. Run the class SpringUsersWsClient or CxfWsTestClient in the project cxftest_client and you will see the following output:
AreaCode:120
Exchange:10
Number:10
That means you have succeeded!